Skip to content

Creating a webapp which will be designed with an emphasis on keeping it's user's data secure and the process of ensuring that.

License

Notifications You must be signed in to change notification settings

LarsFin/Making-a-secure-web-app

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

License: CC0-1.0

Making-a-secure-web-app

The final project (undertaken during the last 2 weeks) of the Makers Academy course. The aim of this project was to gain an understanding in cyber security. A simple web app was developed (a basic twitter clone) with a test driven approach using few libraries and no frameworks. Employing a 'from the ground up' approach created various challenges which lead to the need for a custom-built HTML/Ruby templating-engine, ORM, http-server/middleware and hashing algorithm. This was to bypass the inherent security features implemented by well developed libraries/frameworks, allowing the app to be used as an environment to discover, exploit and document various security vulnerabilities. Subsequently this knowledge was used to develop suitable countermeasures.


Prerequisites


Setup

Getting the repo:

$ git clone https://github.com/LarsFin/Making-a-secure-web-app.git
$ cd Making-a-secure-web-app

Configuring environment:

$ gem install bundler
$ ruby db-reset.rb
$ bundle install

Running app:

$ ruby server.db

-> then visit

https://localhost:3000

What you should see user_experience

Links to flow diagrams: request/response cycle, control flow diagram


Running the tests

Tested in rspec with capybara using selenium webdriver. 100% test coverage (evaluated by SimpleCov).

Test suite consists of:

  • regression tests (for known vulnerabilities)
  • unit tests
  • feature tests

all tests used to expose vulnerabilities do not run but are stored in spec/hacks folder.

Running tests:

$ rspec

test screenshot


Acknowledgements

A few sites that gave us insight into well-known hacking techniques.

About

Creating a webapp which will be designed with an emphasis on keeping it's user's data secure and the process of ensuring that.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •